From 9676900d65847a59b8a0f8b03489d59bb979993c Mon Sep 17 00:00:00 2001 From: John Blackbourn Date: Wed, 14 Jan 2026 17:16:48 +0000 Subject: [PATCH 1/2] Add support for the `FAIR_VERIFICATION_KEY` environment variable during verification key checking. --- src/cli/did-verification-key-check.ts | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/src/cli/did-verification-key-check.ts b/src/cli/did-verification-key-check.ts index c1fb8a5..b1f029a 100644 --- a/src/cli/did-verification-key-check.ts +++ b/src/cli/did-verification-key-check.ts @@ -39,6 +39,8 @@ Key input (one required): Public key should be in did:key format (did:key:z6Mk...) or multibase format (z6Mk...). Private key can be in PEM, multibase, or hex format. + If neither --key nor --key-file is provided, uses FAIR_VERIFICATION_KEY environment variable. + Optional: --help Show this help message @@ -56,12 +58,6 @@ if (!values.did) { process.exit(2); } -if (!values.key && !values['key-file']) { - console.error('Error: Must provide either --key or --key-file'); - console.error('Run with --help for usage information.'); - process.exit(2); -} - if (values.key && values['key-file']) { console.error('Error: Cannot specify both --key and --key-file'); console.error('Run with --help for usage information.'); @@ -88,9 +84,16 @@ try { // --key-file accepts both public and private keys const keyInput = await readFile(values['key-file'], 'utf-8'); publicKeyMultibase = await getVerificationPublicKeyMultibase(keyInput); - } else { + } else if (values.key) { // --key only accepts public keys - publicKeyMultibase = await parsePublicKeyOnly(values.key!); + publicKeyMultibase = await parsePublicKeyOnly(values.key); + } else if (process.env.FAIR_VERIFICATION_KEY) { + // FAIR_VERIFICATION_KEY env var - handles like --key-file + publicKeyMultibase = await getVerificationPublicKeyMultibase(process.env.FAIR_VERIFICATION_KEY); + } else { + console.error('Error: Must provide --key, --key-file, or set FAIR_VERIFICATION_KEY environment variable'); + console.error('Run with --help for usage information.'); + process.exit(2); } } catch (err) { if (err instanceof VerificationKeyInputError) { From cda08169baba4e33bf7bafea0088035075c38dec Mon Sep 17 00:00:00 2001 From: John Blackbourn Date: Wed, 14 Jan 2026 17:17:02 +0000 Subject: [PATCH 2/2] Docs. --- README.md | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/README.md b/README.md index 9bf4c3c..357ce47 100644 --- a/README.md +++ b/README.md @@ -58,6 +58,7 @@ fair-tools did service replace Replace a service URL in a DID fair-tools did service remove Remove a service URL from a DID fair-tools did service verify Verify a FAIR service endpoint URL fair-tools did verification-key add Add a verification key +fair-tools did verification-key check Check if a verification key is valid for a DID fair-tools did verification-key revoke Revoke a verification key fair-tools did rotation-key add Add a rotation key fair-tools did rotation-key revoke Revoke a rotation key @@ -248,6 +249,31 @@ fair-tools did verification-key add \ Use `--output-file` to save the new key to a different file instead of the signing file. +### Check verification key + +Checks if a verification key is present in the DID document's verification methods. + +```bash +fair-tools did verification-key check \ + --did did:plc:xxx \ + --key did:key:z6Mk... +``` + +You can also provide the key via file or environment variable: + +```bash +# From a file (accepts public key or private keypair) +fair-tools did verification-key check \ + --did did:plc:xxx \ + --key-file ./key.pem + +# From environment variable +FAIR_VERIFICATION_KEY=z6Mk... fair-tools did verification-key check \ + --did did:plc:xxx +``` + +If neither `--key` nor `--key-file` is provided, uses `FAIR_VERIFICATION_KEY` environment variable. + ### Add rotation key Generates a new rotation key, adds it to a DID, and saves it to the key file.